* Adam Bozanich (Mu Security) reported boundary errors in the cddb_parse_matches_list() and cddb_query_parse() functions in the file stream_cddb.c when parsing CDDB album titles (CVE-2008-0629) and in the url_scape_string() function in the file stream/url.c when parsing URLS (CVE-2008-0630).

Impact======

A remote attacker could entice a user to open a specially crafted file,possibly resulting in the execution of arbitrary code with theprivileges of the user running MPlayer.

This GLSA and any updates to it are available for viewing atthe Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200803-16.xml

Concerns?=========

Security is a primary focus of Gentoo Linux and ensuring theconfidentiality and security of our users machines is of utmostimportance to us. Any security concerns should be addressed tosecurity@gentoo.org or alternatively, you may file a bug athttp://bugs.gentoo.org.